Analysis
- max time kernel: 151s
- max time network: 153s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 14/06/2023, 12:44
Static task: static1 (1 signatures)
Behavioral task: behavioral1
- Sample: syspool.exe
- Resource: win7-20230220-en
- 2 signatures, 150 seconds
Behavioral task: behavioral2
- Sample: syspool.exe
- Resource: win10v2004-20230220-en
- 3 signatures, 150 seconds
General
- Target: syspool.exe
- Size: 24KB
- MD5: 148bb976482ca11fff424dbda6882d2f
- SHA1: e76bba0c90ef3df93ca863cc25ad390a18ee8d86
- SHA256: 7fb99af8a9403c406bc0883a9ae0f0d11d46d73e4ce5a9462d22e9b6ede25749
- SHA512: 3bfe4227a23dda9316c977e28ae8c45762ca302aeddb0cb5e4efb6d2af52c1b18318f41e02f20f55349431b83f98acd23bdfa2a2a1691a799fd7b23c9b3c974d
- SSDEEP: 384:sFETAe6dXgoQMORTtWKRWiWrTLUonW41ldc2HgbX:sYAPJQnR9WrVnWi7to
- Score: 9/10
Malware Config
Signatures
- Contacts a large (3596) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run | syspool.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run\WSysPool = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\syspool.exe" | syspool.exe